Amendment to the Specification: 

Please replace the last paragraph on page 1 (line 27, page 1 - line 4, page 2) as follows: 

An example of another kind of security policy is conflict of interest, specifically a 'Chinese 
Wall Policy'. This policy prevents an analyst who is consulting for company A from accessing 
potentially sensitive information on company B, a competitor of company A. Thus A, thus 
preventing the analyst from providing company A with confidential information about company 
B (or making recommendations to company A based on this confidential information). Separation 
of duties is considered to be an integrity policy while conflict of interest would be a confidentiality 
policy. Other security policies such as compliance to legislative regulations, and privacy are also 
enforced through security policies. 

Please replace the first paragraph on page 4 (lines 3-21) as follows: 

The arrangement of Fig. 1 is intended to implement the teachings of the present invention 
which can be used to enforce security policies without the problems described above with respect 
to the prior art. Tho arrangement of Fig. 1 As illustrated in the arrangement of Fig. U a site specific 
domain model 102 is used by an editor 103 to selectively create Transient Rule Generator (TRG) 
Rules and customized template rules that are appropriate for a given environment, based on a set 
of Template Rules 104. The site specific domain model provides information that is specific to any 
particular data access environment. This includes actual table and file names, schema names, user 
names, role names etc. The editor 103 places these rules into a permanent storage area 107 (104 
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and 107 may be the same storage location, but this is not required). These rules are designed to 
generate new rules that prohibit certain data transactions from taking place. The TRG rules are 
accessed and read for further customization, then integrated into the data access management 
software 1 1 1 at particular times as described hereafter. Custom rules are loaded directly into 
memory 108. A request from a user 109 to access data 1 13 that meets the appropriate condition, 
produces an event 105 that will cause a TRG rule to create a transient customized rule 106 from a 
Template Rule previously loaded from the permanent storage 104, if the conditions specified in 
the TRG Rule are met. Rules are accessed in memory 108 and applied by data access management 
software 111 to the user request. A file access or database manager 112 and a communication 
fiinction 1 10 are also represented in Figure 1. The user communications may take place via an 
intranet, the Internet, or any other available communications channel. 

Please replace the last paragraph on page 5 (line 19, page 5 - line 1 1, page 6) as follows: 

In the conflict of interest example of a "Chinese Wall", an analyst consulting for a specific 
company must be prevented from accessing information about companies that are competitive 
with that company. A new analyst who is not consulting for any companies will have the ability to 
access information from any company in the database. The event of that analyst selecting 
information about any given company 105, will cause a transient rule to be generated 106, then 
loaded into memory 108 and saved to permanent storage 107. This rule will then be used by the 
data access management software 1 1 1 to prevent the analyst from accessing 1 12 any information 
about competitive companies stored in the database or file system 113. This rule will remain in 
effect until some pre-defined event occurs that indicates the analyst is no longer violating a 
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conflict of interest when accessing information on a competitive company. This may be on the 
condition that the analyst has not accessed information for his previous company for some time 
period. This time period b e ing consid e red is considered to be long enough that information 
accessed is out of date and no longer considered sensitive or having any significant value. The 
event may be that all the information accessed by the analyst has been made public. The event may 
be an override issued by an authorized individual. The event may be the removal of the previous 
company from the database or the conflict set. At the notification of this event, the rule will 
remove itself from consideration in the data access management software 111 and mark itself as 
inactive to be archived for audit purposes from permanent storage 107 to an audit log 1 14. Upon 
this occurring, the rule might notify the user 109 or some other designated recipient 115 (via 
message or e-mail or some other form of notification 110) of her/his change of status. The 
recipient may be a person or another computer process. 

Please replace the third paragraph on page 6 (line 20-25) as follows: 

In an enhanced embodiment, the user is notified of the particular time frame or condition 
that has caused his or her attempted action to be precluded. Thus, a user may be notified that 
because he was the individual signing the invoice, he may not pay that invoice. In this manner, the 
user will know that he can pay other invoices or can pay for that invoice if someone else places the 
ord e r. Or order, or that he cannot access information about a company because it would be a 
conflict of interest. 
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